parent
140a2a2721
commit
f271be68d2
16 changed files with 69 additions and 79 deletions
kubernetes
apps/production
cert-manager
longhorn
nginx
cluster/production/flux-system
secrets
packer/debian
terraform/proxmox
|
@ -2,10 +2,10 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: local-mafyuh-com
|
||||
name: local-mafyuh-dev
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
secretName: local-mafyuh-com-production-tls
|
||||
secretName: local-mafyuh-dev-production-tls
|
||||
secretTemplate:
|
||||
annotations:
|
||||
reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
|
||||
|
@ -13,7 +13,7 @@ spec:
|
|||
issuerRef:
|
||||
name: letsencrypt-production
|
||||
kind: ClusterIssuer
|
||||
commonName: "*.local.mafyuh.com"
|
||||
commonName: "*.local.mafyuh.dev"
|
||||
dnsNames:
|
||||
- "local.mafyuh.com"
|
||||
- "*.local.mafyuh.com"
|
||||
- "local.mafyuh.dev"
|
||||
- "*.local.mafyuh.dev"
|
|
@ -18,10 +18,10 @@ spec:
|
|||
installCRDs: true
|
||||
replicaCount: 1
|
||||
extraArgs:
|
||||
- --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53
|
||||
- --dns01-recursive-nameservers=1.1.1.1:53,8.8.8.8:53
|
||||
- --dns01-recursive-nameservers-only
|
||||
podDnsPolicy: None
|
||||
podDnsConfig:
|
||||
nameservers:
|
||||
- "1.1.1.1"
|
||||
- "9.9.9.9"
|
||||
- "8.8.8.8"
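Review bot: The propagation self-check configured by `--dns01-recursive-nameservers=1.1.1.1:53,8.8.8.8:53` still queries public resolvers over plain DNS on port 53, where answers can be altered on path. cert-manager 1.13 and later accept DNS-over-HTTPS endpoints in this flag, e.g. `--dns01-recursive-nameservers=https://1.1.1.1/dns-query`; the chart version is not visible in this hunk, so check it before switching. The same resolver list is repeated under `podDnsConfig.nameservers`, and a short comment saying the two must be changed together would help.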
|
||||
|
|
|
@ -1,21 +1,20 @@
|
|||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-production
|
||||
name: letsencrypt-production
|
||||
spec:
|
||||
acme:
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
email: matt@mafyuh.dev
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-production
|
||||
solvers:
|
||||
- dns01:
|
||||
cloudflare:
|
||||
email: matt@mafyuh.dev
|
||||
apiTokenSecretRef:
|
||||
name: cloudflare-token-secret
|
||||
key: cloudflare-token
|
||||
selector:
|
||||
dnsZones:
|
||||
- "mafyuh.com"
|
||||
acme:
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
email: matt@mafyuh.dev
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-production
|
||||
solvers:
|
||||
- dns01:
|
||||
cloudflare:
|
||||
email: matt@mafyuh.dev
|
||||
apiTokenSecretRef:
|
||||
name: cloudflare-token-secret
|
||||
key: cloudflare-token
|
||||
selector:
|
||||
dnsZones:
|
||||
- local.mafyuh.dev
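Review bot: The solver's `dnsZones` entry is now `local.mafyuh.dev`, presumably a subdomain of the Cloudflare zone rather than the zone itself, and nothing in the manifest records what the referenced token is allowed to do. A comment above `apiTokenSecretRef` such as `# token scope: Zone:Read + DNS:Edit on the mafyuh.dev zone only` would document the least-privilege expectation; the real scope cannot be checked from this diff. The `email` key under `cloudflare` is, as far as I know, only needed with a global API key and could be dropped when `apiTokenSecretRef` is used. The new zone entry is also unquoted while the other host names in this commit are quoted.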
|
||||
|
|
|
@ -5,7 +5,7 @@ metadata:
|
|||
namespace: cert-manager
|
||||
type: Opaque
|
||||
stringData:
|
||||
cloudflare-token: ENC[AES256_GCM,data:v2kjVp6LLc/VG+ufNNfZel5ehCuZlglaVeKjfiw0YWlaO7YDYhrVbQ==,iv:+ME0TvaiOhoariGhZ+00UWvEkwlvwLhsG4zv6A0qZy8=,tag:2ZVGoDCzVeluB2Xz35mfEg==,type:str]
|
||||
cloudflare-token: ENC[AES256_GCM,data:QDWamL3h0NLZzezOq5Sxo64K+7nivtl2pmpCbWk6rUFzKXJR7ym6Mg==,iv:Uf6v8dHRvx7dFs9ES5e+YWIo12WtrrXqK1xJ8z/gOO4=,tag:6undZMM8eDXXRp12cRX+dA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -15,14 +15,14 @@ sops:
|
|||
- recipient: age18z6wevr8ze5azvq7nfty3l29s7887l8n5mefr64avhlthtr4uvnqw90nfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5d1BDMzRsZG1RekZ1QXJ4
|
||||
MkZmejc2N0N5L3ZDMktuWjFNQ0FuWjBiVUFFCmFhc3JCT1poSUY4c0pVblhXWHE3
|
||||
YVIza1ROWTFzb1QvWFY5KzR1QTFLclkKLS0tIGxHMUVUUytoMFZwVVR6eTliUlVS
|
||||
NXFHeGlQZjZuOUZOUlFjWDByeE1nTkUKIj2H5RlZXGnCoRv8C5AMcwiiuAVZq/d2
|
||||
J70Wv/Dq/k4QNWC357Zj8sgMJicDjpOHbwgBwj6b+StEmPAeWgFBVg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjRzV5Sy80OGJGQXRiNkND
|
||||
azlFZG1CNllYbG5kQ0VHRXNhbjdRcEN6TUU0Ckc2RjMza2laWS9Zb21tNmE0eUw3
|
||||
RG9SclYrWEFxYWs2ck95VWQ3MlJDUlEKLS0tIDg0dXYxZUFlUTNiQ2VWUElIdU1J
|
||||
ajRYUzRGREhIenNjdnlwMmtvVCthTHMKI74UwAsVX1QKQSez4E+Ks9VAF2QwbRDa
|
||||
rO/PdBYJK+MwCptCEiinxaSc5BDAyE0wYiC6Tmldz6ZHYTv1ADe21Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-01-28T04:59:18Z"
|
||||
mac: ENC[AES256_GCM,data:6P0dTpxLmBacIJd3OQzPoh89l0eGarG7nc4X2rl/ULLn7IfiRh7CAo1RYbypCLzlo60WQGOD1bY0vzd+E652vqdV4BjuLG4WYm3lDTZ8BbpwUw1G2y9+5gg8zQPVhBcbGg9xV+gszTcaF6oziFT2q6OqD4Hhbgt8vCXOLD13bG4=,iv:5OFeeyapfZXaZyKNYDKzOTNCxocYS7f0ryW5ubJ16TQ=,tag:peEEC2Re+LCGRRd/hRdiwg==,type:str]
|
||||
lastmodified: "2025-02-08T18:43:20Z"
|
||||
mac: ENC[AES256_GCM,data:fuTN6KncxLvzw7o3ENVYKCIcmxDDbvOeIyfn/H1M5rtw3C8WiRnuz4XviYTh2y6EHv9FGEOI5RiRmtEtqiux7xn81DBobmAdgl/RFsrMsKus0SVpGn4PmZYfO/8R9xknyX93fbYicnahYpM3aHvwQx1njK64ywN+Hp0U+PZfMoQ=,iv:4EgN+gBOwkNty9uPSb1/wDOKTEHUUEtkeDEJDkB2/EE=,tag:Meb79CBfm3tot4vKf1OOmg==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.9.4
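Review bot: The `cloudflare-token` ciphertext and the age-wrapped data key both change here, while the previous ciphertext, deleted from the old path in this same commit, stays in git history encrypted to the same age recipient. If the token value itself was replaced, the old token should be revoked in Cloudflare rather than left valid, because anyone who later obtains the age key can still decrypt it from history. If this was only a re-encryption of the same token, no action is needed; the diff cannot show which.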
|
||||
|
|
|
@ -12,5 +12,6 @@ spec:
|
|||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: longhorn-repo
|
||||
namespace: flux-system
|
||||
version: v1.8.0
|
||||
interval: 1m0s
|
||||
|
|
|
@ -11,7 +11,7 @@ metadata:
|
|||
spec:
|
||||
ingressClassName: nginx
|
||||
rules:
|
||||
- host: "longhorn.local.mafyuh.com"
|
||||
- host: "longhorn.local.mafyuh.dev"
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
|
@ -23,5 +23,5 @@ spec:
|
|||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- longhorn.local.mafyuh.com
|
||||
secretName: local-mafyuh-com-production-tls
|
||||
- longhorn.local.mafyuh.dev
|
||||
secretName: local-mafyuh-dev-production-tls
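Review bot: The ingress that now serves `longhorn.local.mafyuh.dev` publishes the Longhorn UI, which has no login of its own, and no access control is visible in this hunk. The `metadata.annotations` sit outside the hunk, so this may already be handled. If it is not, ingress-nginx annotations such as `nginx.ingress.kubernetes.io/auth-type: basic` with `nginx.ingress.kubernetes.io/auth-secret`, or `nginx.ingress.kubernetes.io/whitelist-source-range`, would restrict who can reach the volume management UI.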
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: nginx-ingress
|
||||
name: ingress-nginx
|
||||
labels:
|
||||
name: nginx-ingress
|
||||
name: ingress-nginx
|
|
@ -5,7 +5,7 @@ metadata:
|
|||
namespace: flux-system
|
||||
spec:
|
||||
interval: 5m
|
||||
path: "../../../apps"
|
||||
path: "./kubernetes/apps"
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: flux-system
|
||||
|
|
|
@ -5,7 +5,7 @@ metadata:
|
|||
namespace: flux-system
|
||||
spec:
|
||||
interval: 5m
|
||||
path: "./secrets"
|
||||
path: "./kubernetes/secrets"
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: flux-system
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: cloudflare-token-secret
|
||||
namespace: cert-manager
|
||||
type: Opaque
|
||||
stringData:
|
||||
cloudflare-token: ENC[AES256_GCM,data:v2kjVp6LLc/VG+ufNNfZel5ehCuZlglaVeKjfiw0YWlaO7YDYhrVbQ==,iv:+ME0TvaiOhoariGhZ+00UWvEkwlvwLhsG4zv6A0qZy8=,tag:2ZVGoDCzVeluB2Xz35mfEg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age18z6wevr8ze5azvq7nfty3l29s7887l8n5mefr64avhlthtr4uvnqw90nfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5d1BDMzRsZG1RekZ1QXJ4
|
||||
MkZmejc2N0N5L3ZDMktuWjFNQ0FuWjBiVUFFCmFhc3JCT1poSUY4c0pVblhXWHE3
|
||||
YVIza1ROWTFzb1QvWFY5KzR1QTFLclkKLS0tIGxHMUVUUytoMFZwVVR6eTliUlVS
|
||||
NXFHeGlQZjZuOUZOUlFjWDByeE1nTkUKIj2H5RlZXGnCoRv8C5AMcwiiuAVZq/d2
|
||||
J70Wv/Dq/k4QNWC357Zj8sgMJicDjpOHbwgBwj6b+StEmPAeWgFBVg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-01-28T04:59:18Z"
|
||||
mac: ENC[AES256_GCM,data:6P0dTpxLmBacIJd3OQzPoh89l0eGarG7nc4X2rl/ULLn7IfiRh7CAo1RYbypCLzlo60WQGOD1bY0vzd+E652vqdV4BjuLG4WYm3lDTZ8BbpwUw1G2y9+5gg8zQPVhBcbGg9xV+gszTcaF6oziFT2q6OqD4Hhbgt8vCXOLD13bG4=,iv:5OFeeyapfZXaZyKNYDKzOTNCxocYS7f0ryW5ubJ16TQ=,tag:peEEC2Re+LCGRRd/hRdiwg==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.9.4
|
|
@ -107,10 +107,11 @@ build {
|
|||
|
||||
|
||||
provisioner "shell" {
|
||||
inline = [
|
||||
"sudo apt-get update",
|
||||
"sudo apt-get -y upgrade"
|
||||
]
|
||||
inline = [
|
||||
"sudo apt-get update",
|
||||
"sudo DEBIAN_FRONTEND=noninteractive apt-get install -y open-iscsi nfs-common cryptsetup",
|
||||
"sudo mkdir -p /etc/systemd/resolved.conf.d && echo '[Resolve]\nDNS=1.1.1.1' | sudo tee /etc/systemd/resolved.conf.d/dns_servers.conf",
|
||||
"sudo apt-get -y upgrade"
|
||||
]
|
||||
}
|
||||
|
||||
}
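Review bot: The new `resolved.conf.d` drop-in pins the image to a single resolver (`DNS=1.1.1.1`) with no second server or `FallbackDNS=`, so every VM built from this template loses name resolution if that one address is unreachable. Listing a second server, e.g. `DNS=1.1.1.1 8.8.8.8` as the cert-manager values in this commit do, avoids that. The drop-in is also written with `echo` and an embedded newline escape, which depends on how HCL and the shell each treat `\n`; `printf` is more predictable. The next template's hunk adds the same lines but runs the DNS step before the `apt-get install`, so the two should be ordered the same way. The `build` block starts outside both hunks.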
|
||||
|
|
|
@ -107,10 +107,12 @@ build {
|
|||
|
||||
|
||||
provisioner "shell" {
|
||||
inline = [
|
||||
"sudo apt-get update",
|
||||
"sudo apt-get -y upgrade"
|
||||
]
|
||||
inline = [
|
||||
"sudo apt-get update",
|
||||
"sudo mkdir -p /etc/systemd/resolved.conf.d && echo '[Resolve]\nDNS=1.1.1.1' | sudo tee /etc/systemd/resolved.conf.d/dns_servers.conf",
|
||||
"sudo DEBIAN_FRONTEND=noninteractive apt-get install -y open-iscsi nfs-common cryptsetup",
|
||||
"sudo apt-get -y upgrade"
|
||||
]
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -48,7 +48,8 @@ resource "proxmox_virtual_environment_vm" "K3s-Master1" {
|
|||
initialization {
|
||||
ip_config {
|
||||
ipv4 {
|
||||
address = "dhcp"
|
||||
address = data.bitwarden-secrets_secret.k3s_master1_ip.value
|
||||
gateway = data.bitwarden-secrets_secret.vlan_gateway.value
|
||||
}
|
||||
}
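Review bot: The `address` now comes from a Bitwarden secret, so nothing in the file shows that it must be in CIDR form; the proxmox provider expects `ipv4.address` as address/prefix (or `dhcp`), and a bare IP in the secret would only fail at apply time. A comment such as `# secret value must be CIDR, e.g. 192.0.2.10/24 (constructed example)` above the line would record that. `data.bitwarden-secrets_secret.vlan_gateway` is not declared in any hunk of this commit, so confirm it already exists. Values read through data sources are also written to the Terraform state in plain text, which matters if these addresses are treated as secrets. The same applies to the K3s-Master2 and K3s-Master3 hunks.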
|
||||
|
||||
|
|
|
@ -48,7 +48,8 @@ resource "proxmox_virtual_environment_vm" "K3s-Master2" {
|
|||
initialization {
|
||||
ip_config {
|
||||
ipv4 {
|
||||
address = "dhcp"
|
||||
address = data.bitwarden-secrets_secret.k3s_master2_ip.value
|
||||
gateway = data.bitwarden-secrets_secret.vlan_gateway.value
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -48,7 +48,8 @@ resource "proxmox_virtual_environment_vm" "K3s-Master3" {
|
|||
initialization {
|
||||
ip_config {
|
||||
ipv4 {
|
||||
address = "dhcp"
|
||||
address = data.bitwarden-secrets_secret.k3s_master3_ip.value
|
||||
gateway = data.bitwarden-secrets_secret.vlan_gateway.value
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -16,4 +16,16 @@ data "bitwarden-secrets_secret" "ubu_ip" {
|
|||
|
||||
data "bitwarden-secrets_secret" "arrbuntu_ip" {
|
||||
id = "c65f8886-f6fb-4c17-bc79-b208000604bf"
|
||||
}
|
||||
|
||||
data "bitwarden-secrets_secret" "k3s_master1_ip" {
|
||||
id = "528104e1-2186-4d57-ae86-b27e01263972"
|
||||
}
|
||||
|
||||
data "bitwarden-secrets_secret" "k3s_master2_ip" {
|
||||
id = "71051171-a582-45e7-a239-b27e01269ef2"
|
||||
}
|
||||
|
||||
data "bitwarden-secrets_secret" "k3s_master3_ip" {
|
||||
id = "b48234d4-1b52-43e2-bab9-b27e0126bfdb"
|
||||
}
|